From 87fe645d8a4999fc9647c9f096651705145c3cf1 Mon Sep 17 00:00:00 2001 From: Stefan Haun Date: Mon, 4 Jul 2022 16:17:43 +0200 Subject: [PATCH 1/5] Add mod headers to apache --- roles/apache/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml index b4e280c..1e21dea 100644 --- a/roles/apache/tasks/main.yml +++ b/roles/apache/tasks/main.yml @@ -12,3 +12,4 @@ with_items: - rewrite - ssl + - headers From 21b6fe03358f06e2e9fb3b99fb1c9acea726b14d Mon Sep 17 00:00:00 2001 From: Stefan Haun Date: Mon, 4 Jul 2022 23:26:34 +0200 Subject: [PATCH 2/5] Enable proxy modules in Apache2 --- roles/apache/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml index 1e21dea..e29fd96 100644 --- a/roles/apache/tasks/main.yml +++ b/roles/apache/tasks/main.yml @@ -13,3 +13,5 @@ - rewrite - ssl - headers + - proxy_http + - proxy_wstunnel From 45206f4413c253f3124ffbf0feacc39c1f1cdf33 Mon Sep 17 00:00:00 2001 From: Stefan Haun Date: Mon, 4 Jul 2022 13:59:13 +0200 Subject: [PATCH 3/5] Add proxy headers --- .../templates/apache-docker-proxy-site.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 index 43958bd..287cb0e 100644 --- a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 +++ b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 @@ -30,5 +30,8 @@ SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem ProxyPass / http://{{ backend_host | default("localhost") }}:{{proxy_port}}/ + RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} + RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS} + From 48a4119420047b1b86b8e01b3470a3ffb1f6c400 Mon Sep 17 00:00:00 2001 
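Review bot: The two `RequestHeader set` lines added after `ProxyPass` in PATCH 3/5 are only trustworthy if the backend cannot be reached except through this vhost, and the template does not say so. `set` overwrites any client-supplied value, which is the right choice, but a client that can connect to `{{ proxy_port }}` directly can still send its own `X-Forwarded-Proto` and `X-Forwarded-SSL`. I would add a comment above them such as `# 'set' overwrites client-supplied X-Forwarded-* values; the backend must listen only where this proxy can reach it`. `backend_host` defaults to localhost but can be overridden, and then the `http://` hop here, and the `ws://` rule added in PATCH 4/5, carry traffic in plaintext between proxy and backend; that deserves a line in the role's variable documentation. The rest of the vhost is outside the hunk, so whether `ProxyPassReverse` or `ProxyPreserveHost` are set elsewhere cannot be judged from here.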
From: Stefan Haun Date: Mon, 4 Jul 2022 14:01:09 +0200 Subject: [PATCH 4/5] Add rewrite rules for websockets --- .../templates/apache-docker-proxy-site.j2 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 index 287cb0e..f81280c 100644 --- a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 +++ b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 @@ -33,5 +33,12 @@ RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS} + + # see documentation of wstunnel: This allwos generic websocket passthrough + RewriteEngine On + RewriteCond %{HTTP:Upgrade} websocket [NC] + RewriteCond %{HTTP:Connection} upgrade [NC] + RewriteRule ^/?(.*) "ws://{{ backend_host | default("localhost") }}:{{ proxy_port }}/$1" [P,L] + From 9bd5d8e71edd10a7e7409f60a5b8106899fe7f11 Mon Sep 17 00:00:00 2001 From: Stefan Haun Date: Mon, 4 Jul 2022 14:01:33 +0200 Subject: [PATCH 5/5] Make cert availability check more robust --- .../templates/apache-docker-proxy-site.j2 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 index f81280c..d64dc95 100644 --- a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 +++ b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 @@ -14,7 +14,9 @@ - + + + ServerAdmin {{ server_admin }} ServerName {{ site_name }} @@ -42,3 +44,5 @@ + +
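Review bot: The `RewriteCond %{HTTP:Upgrade} websocket [NC]` test in PATCH 4/5 is an unanchored regex, so any `Upgrade` value that merely contains the string `websocket` is sent through the `[P]` rule to the `ws://` backend. Anchoring it as `RewriteCond %{HTTP:Upgrade} ^websocket$ [NC]` limits the tunnel to real websocket upgrades. The `Connection` test can stay unanchored because that header legitimately carries lists such as `keep-alive, Upgrade`. The added comment has a typo (`allwos` should be `allows`) and would be more useful if it named the wstunnel documentation page it refers to. The enclosing vhost block starts and ends outside the hunk.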